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DETAILED ACTION 
Claim Rejections - 35 USC § 102 

1 . The following is a quotation of the appropriate paragraphs of 35 U.S.C. 102 that 

form the basis for the rejections under this section made in this Office action: 
A person shall be entitled to a patent unless - 

(b) the invention was patented or described in a printed publication in this or a foreign country or in public 
use or on sale in this country, more than one year prior to the date of application for patent in the United 
States. 

2. Claims 1 - 5, 8 - 14, 21 -24, 29-31, and 33 are rejected under 35 
U.S.C. 102(b) as being anticipated by "A Framework for Inter-ORB Request Level 
Bridge Construction" (herein after Steinder). 

As to claim 1 , Steinder teaches (Mapping object references from HOP domain, p. 
10) a gateway between a first network and a second network (mapping or bridging 
mechanism resides at the boundary between domains; p. 2, Section 2), the system 
comprising: 

interface means (lnterORB_Proxy uses standard CORBA interfaces) to receive 
from the first network a message (request from the client's ORB) intended for an object 
in the second (server's ORB) network (lnterORB_Proxy uses standard CORBA 
interfaces to translate request from the client's ORB to the server's ORB; Section 5.1 , p. 
7), the message including an identifier for a further object in either the first or second 
network (a request arriving from MOP domain to the server ORB may contain IOR 
references which have to be mapped to the server's ORB proprietary form); 

means (half-bridge) to generate further interface means (new half-bridge with 
lnterORB_Proxy inside) for receiving from the second network messages for the further 
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object (half-bridge must create a new half-bridge with lnterORB_Proxy inside which 
encapsulates the reference); 

means to form a new identifier (reference specific for this domain) for the further 
interface means (lnterORB_Proxy object possesses a reference specific for this domain 
which replace IOR in the request); 

means to replace the received identifier (replace IOR in the request) with the new 
identifier (reference specific for this domain) in the message (lnterORB_Proxy object 
possesses a reference specific for this domain which replace IOR in the request); and 

means to forward the message to the object in the second network (reference 
returned in LocateReply is a final reference to be used during a call). 

As to claim 33, this is a method claim that corresponds to system 1 ; note the 
rejection to claim 1 above, which also meets this method claim. 

As to claim 2, Steinder teaches (Mapping object references from HOP domain, p. 
10) the new identifier includes information to enable subsequent recovery by the system 
of the received identifier (lnterORB_Proxy encapsulates the reference). 

As to claim 3, Steinder teaches (Section 5.4, p. 9) the new identifier includes a 
representation of the received identifier (opaque reference form is encapsulated in the 
object_key field). 

As to claim 4, Steinder teaches (Section 5.4, p. 9) the new identifier includes an 
indication of the identity of the received identifier and the system includes means to 
associate said indication with said received identifier (fill out the ProfileBody 
structure... the opaque reference is encapsulated in the object_key field... host and port 
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of this structure are assigned host name and port number of some MOP domain object 
which is able to support this reference in the case of calling it). 

As to claim 5, Steinder teaches (Section 5.4, p. 9) means to include in the new 
identifier a name tag (name and port number of some MOP domain object) to identify the 
interface means (host and port of this structure are assigned host name and port 
number of some HOP domain object which is able to support this reference in the case 
of calling it). 

As to claims 8 and 9, Steinder teaches (Section 5.4, p. 9) means to include in the 
new identifier an indication that the received identifier was received in a message from 
the first or second network (ProfileBody structure includes host and port). 

As to claim 10, Steinder teaches (Section 5.4, p. 9) form the new identifier 
(ProfileBody structure) on the basis of the determined origin (opaque reference is 
encapsulated in the object_key field). 

As to claims 1 1 and 13, Steinder teaches {Eager reference mapping to HOP 
domain, p. 10) if the received identifier originated in the first network, the means to form 
the new identifier forms a new identifier including information to enable subsequent 
recovery by the system of the received identifier (IOR including host name and port 
number is sent to the half-bridge on the server's side... recipient creates a half-bridge for 
server environment... a< reference of the lnterORB_Proxy inside the newly created half- 
bridge is sent to the server in the Request message). 

As to claim 12, Steinder teaches (Lazy reference mapping to HOP domain, p. 10) 
if the received identifier originated in the second network, having passed through the 
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system from the second network to the first network (LocateReply will contain IOR 
which points to the lnterORB_Proxy inside the created half-bridge), the means to form 
the new identifier forms a new identifier comprising an original identifier recovered from 
information included in the received identifier (a Bridge Factory is introduced in each 
cooperating environment... its host name and port number are used to fill the 
ProfileBody field of the IOR). 

As to claim 14, Steinder teaches (Section 5.1, p. 7 - 8) comprising means to 
detect a name tag (char * PeerRef) in the message. 

As to claim 21, Steinder teaches (Section 5.1, p. 7; Determining Foreign Object 
Reference at connection establishment stage, p. 10 - 1 1) the means to generate the 
further interface means comprises means to determine (finding the server object 
reference and creating its lnterORB_Proxy) on the basis of the received identifier 
whether a template (the lnterORB_Proxy is implemented as a template) for an 
appropriate further interface means is already known to the system. 

As to claims 22 and 24, Steinder teaches (Determining Foreign Object Reference 
at connection establishment stage, p. 1 0 - 1 1 ) the means to generate the further 
interface means comprises means, which is operable in the event an appropriate 
template is not known to the system, to obtain an appropriate template from a remote 
repository (a search for foreign object references and creation of lnterORB_Proxies for 
them is managed by a special trading protocol). 

As to claim 23, Steinder teaches (Section 5.1, p. 7) the means to generate the 
further interface means comprises means, which is operable in the event no appropriate 
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template is known to the system and/or an appropriate template is not recoverable from 
a remote repository, to obtain a generic template (lnterORB_Proxy uses standard 
CORBA interfaces... new CORBA module will inherit from the old one). 

As to claim 29, Steinder teaches (Section 5.4, p. 9) wherein the received 
identifier is an Interoperable Object Reference (Interoperable Object Reference) having 
the form IOR [host: port: key] (opaque reference is encapsulated in the object_key 
field.,. host and port of are assigned host name and port number). 

As to claim 30, Steinder teaches (Section 5.4, p. 9) the new identifier 
(ProfileBody structure) is an Interoperable Object Reference (Interoperable Object 
Reference) having the form IOR[host x: port x: key x] (object_key field... host and port), 
wherein key x includes information to enable subsequent recovery by the system of the 
received identifier (opaque reference is encapsulated in the object_key field). 

As to 31 , Steinder teaches (Section 5.4, p. 9) wherein key x includes a 
representation of the received object reference IOR[host i: port i: key i] (opaque 
reference is encapsulated in the object_key field). 

Claim Rejections - 35 USC § 103 

3. The following is a quotation of 35 U.S.C. 103(a) which forms the basis for all 
obviousness rejections set forth in this Office action: 

(a) A patent may not be obtained though the invention is not identically disclosed or described as set 
forth in section 102 of this title, if the differences between the subject matter sought to be patented and 
the prior art are such that the subject matter as a whole would have been obvious at the time the 
invention was made to a person having ordinary skill in the art to which said subject matter pertains. 
Patentability shall not be negatived by the manner in which the invention was made. 

4. Claims 6, 15 - 18, and 32 are rejected under 35 U.S.C. 103(a) as being 
unpatentable over Steinder in view of "ORB 2.0 RFP Submission" (hereinafter IONA). 
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As to claims 6 t 15, 17 and 18, Steinder does not teach checking validity of an 
identifier and determine if an object is available to receive messages. 

However, IONA teaches (p. 29) checking validity of an identifier (most ORBs 
provide the ability to determine if an object reference is still valid) determine whether the 
object in the second network is valid and is still available to receive messages 
(gatewayed objects that have not been used in a long time could be checked to see if 
they no longer exist). 

It would have been obvious to apply the teaching of checking validity of an 
identifier as taught by IONA to the invention of Steinder because gatewayed objects that 
have not been used in a long time could be checked to see if they no longer exist and, if 
they have been deleted, the proxy may also be deleted (p. 29 of IONA). 

As to claim 16, Steinder as modified teaches (Section 4.5.1, p. 25 of IONA) a 
naming service (name services) and the presence or absence of a name tag being 
indicative of whether the object associated with the name tag is available or not 
(gatewayed objects that have not been used in a long time could be checked to see if 
they no longer exist and if they have been deleted, the proxy may also be deleted). 

As to claim 32, Steinder teaches (Section 5.1 , p. 7 - 8; Section 5.4, p. 9) key x 
includes: an identifier to indicate from which network the object reference originated 
(opaque reference is encapsulated in the object_key field) and a name tag (char * 
PeerRef) associated with an identity of the gateway process. As to check data for 
verifying the validity of the object reference, see the rejection to claims 6, 14, 17 and 18 
above. 
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5. Claims 7, 19, and 20 are rejected under 35 U.S.C. 103(a) as being unpatentable 
over Steinder and IONA in view of U.S. Patent No. 6,189,048 to Lim. 

As to claims 7 and 19, Steinder as modified (p. 29 of IONA) teaches check data 
(most ORBs provide the ability to determine if an object reference is still valid) but does 
not specify a hash operation and a secret. 

However, Lim teaches (column 2, lines 33 - 50; column 6, lines 33 - 63; column 

9, lines 9 -26) a distributed client/server based object oriented operating system, object 
references with identifiers (object reference 150 includes a host identifier 152, a port 
designation 154, and an object key 156, Fig. 1c), hash operation (hash method) and a 
secret (user key 164, Fig. 1c). 

It would have been obvious to apply the teaching of a hash operation and a 
secret as taught by Lim to the invention of Steinder as modified because a hash 
function will return an ORB-internal identifier for an object reference. 

As to claim 20, Steinder as modified teaches (column 6, lines 13-21 of Lim) the 
secret is stored by and only accessible by the gateway (implementation repository 50, 
Fig. 1a is used to store information relating to object servers). 

6. Claims 25 - 28 are rejected under 35 U.S.C. 1 03(a) as being unpatentable over 
Steinder in view of U.S. Patent No. 5,991,877 to Luckenbaugh. 

As to claim 25, Steinder does not teach a trusted operating system. 
However, Luckenbaugh teaches (column 4, line 57 - column 5, line 5; column 

10, lines 10-40) teaches a trusted operating system (access control system includes a 
trusted framework). 



- Application/Control Number: 09/555,465 Page 9 

Art Unit: 2126 

It would have been obvious to apply the teaching of a trusted operating system 
as taught by Luckenbaugh to the invention of Steinder because this provides fine- 
grained security access authorizations (column 2, lines 39 - 55 of Luckenbaugh). 

As to claim 26, Steinder as modified teaches (column 8, lines 20 - 50; column 9, 
lines 23 - 31 ; column 1 0, lines 30 - 40 of Luckenbaugh) the trusted operating system 
enforces Mandatory Access Control (MAC and role-based policies). 

As to claim 27, Steinder as modified teaches (column 6, line 42 - column 7, line 
30; column 8, lines 1 -48 Luckenbaugh) comprising at least two logical compartments 
(client 301 and server 302, Fig. 3) and a trusted relay process (AuthClient class 140, 
Fig. 3) that has privileges necessary to pass messages between the two compartments, 
wherein the first network and the respective interface means are associated with a first 
compartment and the second network is associated with a second compartment (policy 
manager of 310a of the client 301 must issue the appropriate call through an AuthClient 
object 140 to invoke an appropriate return by the interaction of an authenticator object 
1 30 and the policy manager 31 0b of the server 302, Fig. 3). 

As to claim 28, Steinder as modified teaches (column 8, lines 20 - 50 of 
Luckenbaugh) wherein a secret (name and password), usable by the system in a hash 
operation for validating object references (authentication protocol between the client 
and server), is associated with a third compartment (Authenticator 130, Fig. 3), and 
wherein only the trusted relay process has the privileges necessary to retrieve the 
secret from the further compartment in order to enact a hash operation (instances of the 
AuthClient class 140 contains objects which preferably provide an interface... to collect 



- Application/Control Number: 09/555,465 Page 10 

Art Unit: 2126 

information concerning the client which are needed for particular authorization 
policies... any number of additional interfaces to accommodate other existing or custom 
authorization protocols can be provided). 

Conclusion 

7. The prior art made of record and not relied upon is considered pertinent to 
applicant's disclosure. 

U.S. Patent No. 6,182,154 to Campagnoni teaches a universal object request 
broker encapsulates 

U.S. Patent No. 6,105,132 to Fritch teaches control access by a task to an 
information object. 

U.S. Patent No. 6,134,594 to Helland teaches a multi-tier server application 
architecture with single-user access control. 

"Construction of a Generic Inter-ORB Bridge" by M. Steinder, A. Uszok, and K. 
Zielinski teaches a framework of a request-level generic bridge. 

"Interoperability Gateway Construction for Object-Oriented Distributed Systems" 
by A. Uszok, G. Czajkowski, and K. Zielinski teaches building specialized modules 
Gateways, which translate requests from the environment to an universal form of 
exchanged messages in Interoperability Architecture. 

8. Any inquiry concerning this communication or earlier communications from the 
examiner should be directed to Li B. Zhen whose telephone number is (703) 305-3406. 
The examiner can normally be reached on Mon - Fri, 8am - 4:30pm. 
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The fax phone numbers for the organization where this application or proceeding 
is assigned are (703) 746-7239 for regular communications and (703) 746-7238 for 
After Final communications. 

Any inquiry of a general nature or relating to the status of this application or 
proceeding should be directed to the receptionist whose telephone number is (703) 305- 
3900. 
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